Cyber Attacks: A New Threat to the Energy Industry
The Network and Information Security (NIS) Directive was adopted on July 6th, 2016 by the European Parliament, three years after the initial proposal by the European Commission. It paves the way for a much-needed common cyber security strategy within the EU. This Edito explains why the energy industry is particularly vulnerable to cyber attacks, and what tools this new directive provides to protect European critical infrastructures.
In about two decades, the energy industry has been deeply transformed by the digital revolution, which has penetrated companies’ commercial, administrative and financial branches, but also their industrial systems. From the optimization of electric grids to the precision of oil drilling, information and communication technologies (ICT) are now essential to every stage of energy production, transport and distribution. Data mining and analysis are increasingly considered the energy sector’s new “black gold”, and generate new activities such as the Predix platform, designed by General Electric to help energy companies (among others) collect and analyze industrial data.
This silent revolution offers countless economic opportunities and paves the way for better resource distribution and use. But it also puts physical energy infrastructures at risk.
An Expanding Threat
On 23 December 2015 in Ukraine, a cyber-attack on several regional grid operators deprived more than 200 000 people of electricity for a few hours, and forced operators to intervene physically at the substations to restore power. Since substations could no longer be remotely controlled, on-site interventions had to be maintained for several weeks after the event in order to ensure electricity delivery. The use of common hacking methods such as phishing, combined with very precise knowledge of the Industrial Control Systems (ICS) that handle electricity distribution, allowed attackers to remotely activate breakers in about 30 electric substations and cut off the power.
This was the first time a cyber-attack targeting the grid had physical consequences. Few attacks are likely to have such implications. All experts agree that the level of preparation and coordination, the degree of knowledge of the targeted ICS and the probable financial means invested in this operation are not within reach of just any criminal group, or State. Moreover, a field study conducted by several US federal agencies found that the Ukrainian operators’ ICS were particularly well protected.
Ukrainian authorities were quick to point at Russia after the event, and even if very few elements support the conclusion that Moscow was involved in the attack, this event might well have a geopolitical background. The only other known cyber-attack with serious consequences for an energy infrastructure dates back to the Stuxnet worm discovered in 2010, designed to slow the progress of the Iranian nuclear program. A thousand uranium enrichment centrifuges were damaged by this malware, which went unnoticed for more than a year. Here again, strategic interests and the presumed support of two nation-States (the USA and Israel) make this attack remarkable.
Energy companies are increasingly targeted by this kind of threat, and the structure of their activity makes them particularly vulnerable, for several reasons...
Read the full text in PDF below.